Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-22914

A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS commands in the “tmp” directory by uploading a crafted file if the hotspot function were enabled.

Published

2023-04-24T17:15:09.627

Last Modified

2024-11-21T07:45:38.337

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-22
  • Type: Primary
    CWE-22
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System zyxel usg_flex_100_firmware ≤ 5.35 Yes
Hardware zyxel usg_flex_100 - No
Operating System zyxel usg_flex_100w_firmware ≤ 5.35 Yes
Hardware zyxel usg_flex_100w - No
Operating System zyxel usg_flex_200_firmware ≤ 5.35 Yes
Hardware zyxel usg_flex_200 - No
Operating System zyxel usg_flex_50_firmware ≤ 5.35 Yes
Hardware zyxel usg_flex_50 - No
Operating System zyxel usg_flex_50w_firmware ≤ 5.35 Yes
Hardware zyxel usg_flex_50w - No
Operating System zyxel usg_flex_500_firmware ≤ 5.35 Yes
Hardware zyxel usg_flex_500 - No
Operating System zyxel usg_flex_700_firmware ≤ 5.35 Yes
Hardware zyxel usg_flex_700 - No
Operating System zyxel vpn100_firmware ≤ 5.35 Yes
Hardware zyxel vpn100 - No
Operating System zyxel vpn1000_firmware ≤ 5.35 Yes
Hardware zyxel vpn1000 - No
Operating System zyxel vpn300_firmware ≤ 5.35 Yes
Hardware zyxel vpn300 - No
Operating System zyxel vpn50_firmware ≤ 5.35 Yes
Hardware zyxel vpn50 - No
References